NETWORK SECURITY POLICY

Size: px
Start display at page:

Download "NETWORK SECURITY POLICY"

Transcription

1 NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics Service Governance Date Issued February 2014 Review Date February 2016

2 Version Control Sheet Document Title: Network Security Policy Version: 0.2 The table below logs the history of the steps in development of the document. See example below Version Date Author Status Comment 0.1 Feb th Jan 2014 Draft APPROVED Shared with Governance & Corporate Manager for initial comments Approved by Audit Committee

3 1 Introduction 2 Objective 3 Scope of this policy 4 Accountability 5 Definition of terms 6 Procedure 7 Training needs analysis 8 Equality impact assessment 9 Implementation and dissemination 10 Monitoring compliance with and the effectiveness of the policy 11 References 12 Associated documentation Appendix A Application for Remote Access

4 1 INTRODUCTION 1.1 This document defines the Network Security Policy for NHS North Kirklees Commissioning Group (referred to hereafter as the CCG). This policy is adhered to and supported by The Health Informatics Service (THIS) who are hosted by Calderdale and Huddersfield NHS Foundation Trust. 1.2 THIS provide IT support for the CCG via a contract with West & South Yorkshire & Bassetlaw Commissioning Support Unit (WSYBCSU). The requirements of this policy are consistent with the equivalent policies for neighbouring organisations that share common networks or receive services from THIS. The Network Security Policy applies to all business functions and information contained on the network, the physical environment and relevant people who support the network. 1.3 This document: a) Sets out the CCG's policy for the protection of the confidentiality, integrity and availability of the network; b) Establishes the security responsibilities for network security; c) Provides reference to documentation relevant to this policy. 2 AIMS & OBJECTIVES 2.1 The objective of this policy is to ensure the security of the CCG s network. To do this the CCG will: a) Ensure Availability Ensure that the system is available for users; b) Preserve Integrity Protect the network from unauthorised or accidental modification; c) Preserve Confidentiality Protect assets against unauthorised disclosure. 2.2 The purpose of this policy is to ensure the proper use of the CCG s network and make users aware of what the CCG deems as acceptable and unacceptable use of its network. 2.3 If there is evidence that any user is not adhering to the guidelines set out in this policy, this will be dealt with under the CCG s Disciplinary Procedure. 3 SCOPE OF THIS POLICY 3.1 The policy applies to all networks within the CCG used for:

5 a) The storage, sharing and transmission of non clinical data and images; b) The storage, sharing and transmission of clinical data and images; c) Printing or scanning non clinical or clinical data or images; d) The provision of internet systems for receiving, sending and storing non clinical or clinical data or images. 4. ACCOUNTABILITY 4.1 The Governing Body The Governing Body is responsible for ensuring that the necessary support and resources are available for the effective implementation of this Policy. 4.2 The Audit Committee The Audit Committee is responsible for the review and approval of this policy. 4.3 Chief Officer The Chief Officer has organisational responsibility for all aspects of Information Governance and is the Senior Information Risk Owner (SIRO) which includes responsibility for ensuring the CCG has appropriate systems and policies in place to ensure that the CCG has robust Network Security procedures in place 4.4 Heads of Service Heads of Service are responsible for ensuring that they and their staff are adequately trained, and are familiar with the content of this policy. 4.6 The Health Informatics Service (THIS) The Health Informatics Service s role, as determined through agreement with WSYBCSU, will: Implement an effective framework for the management of Network security in line with the CCG requirement Assist in the formulation of Information Network Policy and related policies and procedures Advise on the content and implementation of the relevant action plans Co-ordinate network security activities particularly those related to shared information systems or IT infrastructures Ensure that risks to IT systems are reduced to an acceptable level by applying security countermeasures identified following an assessment of the risk.

6 4.6.7 Ensure the systems, application and/or development of required policy standards and procedures in accordance with business needs, policy and guidance Ensure that access to the organisation's network is limited to those who have the necessary authority and clearance Advise on the accreditation of IT systems, applications and networks Support incident assessments, where necessary 4.8 Employees All personnel or agents acting for the organisation have a duty to: Safeguard hardware, software and information in their care Prevent the introduction of malicious software on the organisation's IT systems Users are responsible for ensuring their password is kept secret - passwords should not be shared Report on any suspected or actual breaches in security through the CCG s incident reporting mechanism s If you do not have any questions the CCG presumes that you understand and are aware of the rules and guidelines in the policy and will adhere to them. 5 NETWORK DEFINITION 5.1 The network is a collection of electronic devices such as servers, computers, printers and modems, which have been connected together by cables or wireless devices. The network is created to share data, software and peripherals, such as printers, modems, fax machines, internet connections, CD-ROM and tape drives, hard disks and other data storage equipment. 6 PROCEDURE 6.1 The overall Network Security Policy for the CCG is described below: The CCG information network will be available when needed and can be accessed only by legitimate users. The network must also be able to withstand or recover from threats to its availability, integrity and confidentiality. To satisfy this, the CCG will undertake the following:

7 a) Protect all hardware, software and information assets under its control. This will be achieved by implementing a set of well balanced technical and non technical measures; b) Provide both effective and cost effective protection that is commensurate with the risks to its network assets; c) Implement the Network Security Policy in a consistent, timely and cost effective manner; d) Where relevant, the CCG will comply with: - Copyright, Designs & Patents Act Access to Health Records Act Computer Misuse Act The Data Protection Act The Human Rights Act Electronic Communications Act Regulation of Investigatory Powers Act Freedom of Information Act Environmental Information Regulations Health & Social Care Act 2001 e) The CCG will comply with other laws and legislation as appropriate. 6.2 RISK ASSESSMENT THIS will carry out security risk assessment(s) in relation to all the business processes covered by this policy. These risk assessments will cover all aspects of the network that are used to support those business processes. The risk assessment will identify the appropriate security countermeasures necessary to protect against possible breaches in confidentiality, integrity and availability Risk assessment will be conducted to determine the IT Security (ITSEC) Assurance levels required for security barriers that protect the network Formal risk assessments will be conducted using CRAMM and will conform to ISO PHYSICAL AND ENVIRONMENTAL SECURITY Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive network equipment will be housed in an environment that has a monitored temperature and power supply.

8 6.3.2 Critical or sensitive network equipment will be housed in secure areas, protected by a secure perimeter, with appropriate security barriers and entry controls Door lock codes will be changed periodically, following a compromise (or suspected compromise) of the code; Critical or sensitive network equipment will be protected from power supply failures Critical or sensitive network equipment will be protected by intruder alarms and fire suppression systems Smoking, eating and drinking is forbidden in areas housing critical or sensitive network equipment All visitors to secure network areas must be authorised by the Head of Professional Services, Portfolio Manager Networks or Portfolio Manager Back Office All visitors to secure network areas must be made aware of network security requirements All visitors to secure network areas must be logged in and out. The log will contain name, organisation, purpose of visit, date, and time in and out THIS Field Support Manager will ensure that all relevant staff are made aware of procedures for visitors Entry to secure areas housing critical or sensitive network equipment will be restricted to those whose job requires it. THIS Field Support Manager will maintain and periodically review a list of those with unsupervised access. 6.4 ACCESS CONTROL TO THE NETWORK Access to the network will be via a secure log-on procedure, designed to minimise the opportunity for unauthorised access. Remote access will be via secure two-part authentication There must be a formal, documented User registration and de-registration procedure for access to the network The departmental manager and the THIS Field Support Manager (or nominated officer) must approve User access Access rights to the network will be allocated on the requirements of the User s job, rather than on a status basis.

9 6.4.5 Security privileges (ie 'Super user' or network administrator rights) to the network will be allocated on the requirements of the user s job, rather than on a status basis Users will be sent a Code of Connection agreement, which they must familiarise themselves with Access will not be granted until the THIS Field Support Manager (or nominated officer) registers a user All users to the network will have their own individual User identification and password Users are responsible for ensuring their password is kept secret (see User Responsibilities) User access rights will be immediately removed or reviewed for those users who have left the CCG or changed jobs, in line with the human resources procedures 6.5 THIRD PARTY ACCESS CONTROL TO THE NETWORK Third party access to the network will be based on a formal contract that satisfies all necessary NHS security conditions and, if applicable, the Statement of Compliance The Network Operations Centre Manager is responsible for ensuring all third party access to the network is logged 6.6 REMOTE ACCESS Remote Access refers to any technology that enables the CCG to connect users from geographically dispersed locations The Health Informatics Service s Network Operations Centre Manager is responsible for ensuring that a formal risk assessment is conducted to assess risks and identify controls needed to reduce risks to an acceptable level The Health Informatics Service s Service Delivery Centre Manager is responsible for providing clear authorisation mechanisms for all remote access users Departmental Managers are responsible for the authorisation of all applications for remote access and for ensuring that appropriate awareness of risks are understood by proposed Users All remote access users are responsible for complying with this policy and associated standards. They must safeguard corporate equipment and information resources and notify the CCG immediately of any security incidents and/or breaches.

10 The Health Informatics Service s Head of Enterprise Services is responsible for ensuring that the Remote Access infrastructure is periodically reviewed, which could include but is not limited to independent third party penetration testing Any person wishing to apply for remote access, must complete the form at Annex A. 6.8 EXTERNAL NETWORK CONNECTIONS Ensure that all connections to external networks and systems have been documented and approved Ensure that all connections to external networks and systems conform to the NHS-wide Network Security Policy, the Statement of Compliance and supporting guidance The Network Operations Centre Manager is responsible for ensuring all connections to external networks and systems are approved before they commence operation. 6.9 MAINTENANCE CONTRACTS The Head of Enterprise Service will ensure that maintenance contracts are maintained and periodically reviewed for all network equipment. All contract details will constitute part of the Information Technology Asset register DATA AND SOFTWARE EXCHANGE Formal agreements for the exchange of data and software between organisations must be approved by the Caldicott Guardian or delegated authority FAULT LOGGING The Service Delivery Centre is responsible for ensuring that a log of all faults on the network is maintained and reviewed NETWORK OPERATING PROCEDURES Clear, documented operating procedures should be prepared for the operation of the network, to ensure its correct, secure operation Changes to operating procedures must be authorised by the Portfolio Manager Networks, and where there is a COIN (Community Of Interest Network)-wide implication this must be done through liaison with Calderdale and Huddersfield NHS Foundation Trust.

11 THIS will implement Security Operating Procedures (SyOps) and security contingency plans that reflect the Network Security Policy DATA BACKUP AND RESTORATION The Field Support Manager is responsible for ensuring that backup copies of switch configuration and data stored on the network are taken regularly A log should be maintained of switch configuration and data backups detailing the date of backup and whether the backup was successful Documented procedures for the backup process will be produced and communicated to all relevant staff Documented procedures for the storage of backup tapes will be produced and communicated to all relevant staff All backup tapes will be stored securely and a copy will be stored off-site Documented procedures for the safe and secure disposal of backup media will be produced and communicated to all relevant staff Users are responsible for ensuring that they store their own data to the network server Patches and any fixes will only be applied by Technologies Service Staff, following suitable change control procedure MALICIOUS SOFTWARE The Field Support Manager must ensure that measures are in place to detect and protect the network from viruses and other malicious software UNAUTHORISED SOFTWARE Use of any non-standard software 1 on CCG equipment must be approved by the Health Informatics Service Desk before installation. All software used on CCG equipment must have a valid licence agreement - it is the responsibility of the Information Asset Owner or Responsible User of non-standard software to ensure that this is the case 6.16 SECURE DISPOSAL OR RE-USE OF EQUIPMENT Ensure that where equipment is being disposed of all data on the equipment (e.g. on hard disks or tapes) is securely overwritten. For advice on assessment of re-use or destruction of equipment contact The Health Informatics Service Desk SYSTEM CHANGE CONTROL 1 Contact the Health Informatics Service Desk for advice on Trust standard software

12 The Service Delivery Centre is responsible for ensuring that appropriate change management processes are in place to review changes to the network; which would include acceptance testing and authorization. The Network Operations Centre Manager is responsible for ensuring all relevant Network documentation is up to date The Project Board and/or the Information Asset Owners are responsible for ensuring that selected hardware and software meets agreed security standards. Testing facilities will be used for all new network systems. Development and operational facilities will be separated SECURITY MONITORING The Network Operations Centre Manager is responsible for ensuring that the network is monitored for potential security breaches. All monitoring will comply with current legislation 6.19 REPORTING DATA SECURITY BREACHES & WEAKNESSES Data Security Breaches and weaknesses, such as the loss of data or the theft of a laptop, must be reported in accordance with the requirements of the CCG incident reporting procedure SYSTEM CONFIGURATION MANAGEMENT The Network Operations Centre Manager will ensure that there is an effective configuration management process for the network DISASTER RECOVERY PLANS The Health Informatics Service will ensure that disaster recovery plans are produced for the network and that these are tested on a regular basis UNATTENDED EQUIPMENT AND CLEAR SCREEN Users must ensure that they protect the network from unauthorised access. They must log off the network when finished working The CCG operates a clear screen policy that means that users must ensure that any equipment logged on to the network must be protected if they leave it unattended, even for a short time. Workstations must be locked or a screensaver password activated if a workstation is left unattended for a short time Users of terminals, which do not have the facility to lock, must log out when not using the terminal..

13 7 TRAINING NEEDS ANALYSIS 7.1 The CCG will provide basic Information Governance training through induction and/or mandatory training. All training throughout the CCG is recorded by WSYBCSU Workforce and Development Team. 8. Equality impact assessment 8.1. CCG aims to design and implement services, policies and measures that meet the diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. 9. Implementation and dissemination 9.1. Following ratification by the Audit Committee this policy will be disseminated to staff via the CCG s intranet and in house communication mechanisms This Policy will be reviewed every two years or in line with changes to relevant legislation or national guidance. 10. Monitoring compliance with and the effectiveness of the policy An assessment of compliance with requirements, within the Information Governance Toolkit (IGT), will be undertaken each year. Annual reports and proposed work programme will be presented to the Audit Committee for approval. 11. References Freedom of Information Act 2000 Data Protection Act 1998 Human Rights Act 1998 Common Law Duty of Confidence 12 ASSOCIATED DOCUMENTS (Policies, protocols and procedures) Information Security Policy Information Governance Policy and Framework Internet Policy Disciplinary Procedure Confidentiality and Data Protection Policy

14 Annex A APPLICATION FOR REMOTE ACCESS JOB NO To be completed by Health Informatics To ensure that your application is actioned correctly, it is important that all details are completed fully and accurately. If you have any queries please contact The Health Informatics Service Desk , 1. TYPE OF ACCESS REQUIRED Please see point 10 for description, system requirements and costs. Please indicate by a Standard (Webmail Access from any Computer) Advanced (Installed only on a CCG Laptop with Broadband Access from Home)* * The prerequisites for this service are a CCG laptop, broadband router and a home broadband connection.

15 2. APPLICANT DETAILS First Name(s) Last Name Work Tel Number inc STD Job Title Department 3. EMPLOYER DETAILS Who employs you? Please indicate by a Calderdale & Huddersfield NHS Foundation Trust Calderdale CCG Greater Huddersfield CCG North Kirklees CCG Wakefield CCG Social Services Other please state who employs you 4. LOCATION DETAILS Please give full postal address of your place of work

16 5. DECLARATION I have read and understand the terms and conditions of the Policy attached and agree to abide by it. Signed Date 6. AUTHORISED BY (applicant s Line Manager) First Name(s) Last Name Work Tel Number inc STD Job Title Signed Date 7. BUDGET HOLDERS DETAILS AND AUTHORITY I authorise recharging of the costs detailed in section 10 to the following budget code Budget Code First Name(s) Last Name Work Tel Number inc STD Signed Date

17 8. ON COMPLETION OF FORM Please check that this form has been completed fully and accurately. Incomplete/incorrect forms will be returned to you and will result in a delay in providing services. Please return the completed form to The Health Informatics Service Desk, Oak House Woodvale Office park Woodvale Road Brighouse HD6 4AB 5 9. WHAT HAPPENS NEXT The processing of this form will create a request to the Health informatics Service and a job no will be allocated For Standard service (Webmail only Access) you will be notified that the service is activated For Advanced service (Broadband Access) You will be contacted by Service Delivery Staff to make an appointment to configure your Laptop and provide you with training on the use of the Broadband Remote Access software. 10. SYSTEM REQUIREMENTS AND COSTS TYPE REQUIREMENTS COSTS Standard Computer at Home with Internet Access Internet Explorer Advanced Broadband Access at Home CCG supported laptop with Windows 2000/XP, CD ROM drive, Networked FOC Installation, client software and USB token FOC RAS Access 280 per annum Call charges for this service: FOC

18 The Health Informatics Service will not provide support for users personal computer equipment. The Health Informatics Service will provide training on the use of the Remote Access Client The Provision of a broadband service to your home address is the sole responsibility of the applicant. The user is responsible for configuring and the set up of any home networking requirement please note some ISP do not support VPN. PLEASE RETAIN THESE TERMS OF USE Network, Internet and Terms of Use 6 INTRODUCTION The CCG gives an assurance that it meets various information security criteria through signing up to the NHS Connecting for Health s Statement of Compliance and yearly mandatory self assessment against the Information Governance Toolkit. We expect all users of the network, internet and to use these services responsibly. It is essential, therefore, that as a user of the organisation s network, internet and services you understand and follow the Terms of Use to ensure that the security, integrity and performance of the systems are not compromised. Breaches of security, abuse of services or non-compliance with these Terms of Use may result in the withdrawal of internet/ services from the user and could result in disciplinary action. 7 YOUR RESPONSIBILTIES Be aware that when you are accessing any network, or internet based services provided by the organisation, the following conditions MUST apply, regardless of whether the computer equipment is owned by the organisation or not.

19 You should ensure that you have read and understood the Internet Use Policy and the Policy (please speak to your manager to obtain a copy) You must only access internet/ services via an individual login provided specifically for you. You must never share or divulge your individual login and/or password to others for access to the organisation s systems. Do not write passwords down. You may use the internet and services to access research material and other information relevant to your work, provided that it does not interfere with the performance of the network or systems. You may access internet sites and webmail accounts for personal use in accordance with the Internet and Use Policies. Please note - individual staff members and their line managers are responsible for ensuring that personal use does not interfere with the performance of work duties. Any personal use that has a negative impact on the performance of the network or systems may result in access to those sites/services being withdrawn. Illicit or illegal material must not be viewed/downloaded or obtained via or the Internet* You must not download unauthorised content/programmes onto the organisation s supported PCs/Laptops or electronic file storage areas** All authorised downloaded material must be virus checked at the time of downloading Be aware that use of internet/ is monitored and that activity logs are kept that show the content of accessed material and any impact on the capacity and performance of the network or systems. You may be required to make IT equipment/systems (that you use) available at any time for audit by the organisation Lock your workstation if you are leaving it [CTRL+ALT+DEL] or shut down or log off. Do not allow anyone else access whilst you are logged in to the computer. Avoid keeping confidential information on the hard drive. Ensure that work is saved to the network where possible, preferably within your departmental shared drive (if you need further advice about this ring The Service Desk on ) Do not divulge confidential information held on the computer to someone who has no right or permission to that information. Do not attempt to access any part of the system for which you do not have authorisation, or use information from the system inappropriately e.g. to find a colleague s birthday or address. Whilst accessing network,internet and services away from the organisations premises Please ensure caution when printing of any work related material; never leave printouts on printers unattended

20 is an insecure system. If you have a requirement to transfer sensitive electronic personal information (i.e. that relating to identifiable individuals) please refer to the policy or The Service Desk on for advice. Internet services are subject to unforeseen failure from time to time and cannot be guaranteed. The Health Informatics Service will maintain the network up to connection to the NHS Wide Network. BT maintains the network service up to the connection to the Internet. Any faults with individual external sites or services cannot be supported. * Advice:Please refer to the Internet user Policy for what constitutes illicit or illegal material or contact The Service Desk on ** For advice on authorised and unauthorised computer content/programmes please contact The Service Desk (Health Informatics) at on

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

INFORMATION TECHNOLOGY SECURITY POLICY

INFORMATION TECHNOLOGY SECURITY POLICY INFORMATION TECHNOLOG SECURIT POLIC Document Author Written By: Deputy Director of IM&T / Interim Head of ICT Authorised Signature Authorised By: Chief Executive Date: February 2015 Date: 17 March 2015

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

University of Aberdeen Information Security Policy

University of Aberdeen Information Security Policy University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...

More information

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by: Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

Dublin Institute of Technology IT Security Policy

Dublin Institute of Technology IT Security Policy Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Security Policy

Information Security Policy You can learn more about the programme by downloading the information in the related documents at the bottom of this page. Information Security Document Information Security Policy 1 Version History Version

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Information Security Policy London Borough of Barnet

Information Security Policy London Borough of Barnet Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Information Security Policy

Information Security Policy Information Security Policy Revised: September 2015 Review Date: September 2020 New College Durham is committed to safeguarding and promoting the welfare of children and young people, as well as vulnerable

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Remote Access Policy

Remote Access Policy BASINGSTOKE AND NORTH HAMPSHIRE NHS FOUNDATION TRUST Remote Access Policy Summary This is a new document which sets out the policy for remote access to the Trust s network and systems. Remote access is

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

Information Security Policy

Information Security Policy Information Security Policy 1 Version and Review Summary Rev Date Author Approver Revision description 1.00 April 2009 T Monachello Formal Review 1.01 1 st June 2009 T.Monachello Information Governance

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:

Burton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review: POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25

Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Information Security Policy Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Document Information Trust Policy Number : ULH-IM&T-ISP01 Version : 3.1 Status : Approved Issued by : Information Governance

More information

REMOTE WORKING POLICY

REMOTE WORKING POLICY Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY ISO 27002 5.1 Author: Owner: Organisation: Chris Stone Ruskwig TruePersona Ltd Document No: SP- 5.1 Version No: 1.0 Date: 10 th January 2010 Copyright

More information

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0

SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0 SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

NORTH SOMERSET COUNCIL. Corporate Information Security Policy

NORTH SOMERSET COUNCIL. Corporate Information Security Policy Corporate Information Security Policy NORTH SOMERSET COUNCIL Corporate Information Security Policy Version 1_8 FINAL Author Date Approved Review Date Contents Authorisation Statement... 3 Document Amendment

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

Information Security Policy

Information Security Policy Information Security Policy Contents 1. Introduction...2 2. Purpose...2 3. Governance and responsibility for information security...3 4. Risk Management...3 5. Asset Management and Classification...3 6.

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch

More information

IT Infrastructure Security Policy. Policy and Guidance

IT Infrastructure Security Policy. Policy and Guidance IT Infrastructure Security Policy Policy and Guidance June 2013 Project Name Product Title IT Infrastructure Security Policy Policy and Guidance Version Number 1.2 Final Document Control Organisation Mendip

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information

Information Technology Acceptable Use and Safeguards

Information Technology Acceptable Use and Safeguards Approved by: Information Technology Acceptable Use and Safeguards President and Chief Executive Officer Corporate Policy & Procedures Manual Number: X-50 Date Approved May 12, 2014 Next Review (3 years

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

UCD Information Technology Services Acceptable Use Policy

UCD Information Technology Services Acceptable Use Policy UCD Information Technology Services Acceptable Use Policy To safeguard individuals and to ensure the integrity and reliability of information services, UCD has a number of Use Policies. These are designed

More information

Computers and Internet Policy and Procedure

Computers and Internet Policy and Procedure Computers and Internet Policy and Procedure Computers and Internet Policy and Procedure Modification history Date Modification Person responsible 18/01/12 Modification of existing policy Roger Stevens

More information

Information Systems Acceptable Use Policy for Learners

Information Systems Acceptable Use Policy for Learners Information Systems Acceptable Use Policy for Learners 1. Introduction 1.1. Morley College is committed to providing learners with easy access to computing and photocopying facilities. However it needs

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information